Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Web applications often contain cross-site scripting (XSS) vulnerabilities that can easily be exploited. Depending on the type of malicious script and whether it can affect other browsers, the impact to the victim can be significant if sensitive information is stolen.
The system might change the risk score for this detection.
Kill Chain
Risk Score
65
%20Attack-LT.png&w=1080&q=75)
During a cross-site scripting (XSS) attack, an attacker inserts a malicious script into a link or content associated with a trusted web application, and the script is then delivered to an unsuspecting victim to run in their browser. There are several techniques for accomplishing an XSS attack. For example, stored XSS is a technique where the attacker injects the malicious script into content that is stored on a web server and then later served to victims. With reflected XSS, the attacker injects a malicious script into the URI parameters of a link. After the victim clicks the link, an HTTP request with the malicious script is sent to the web server, and then the script is bounced back from the server to the victim. Whichever technique is deployed, ultimately the malicious script runs in the browser of the victim. The attacker is able to collect sensitive information such as credentials, cookies, or session tokens, or the attacker can rewrite the HTML of a web page to further trick the victim with a phishing attack.
Enforce safe coding rules with a security-focused encoding library
Parse and clean HTML-formatted text from markup languages with an HTML-sanitization library
Do not allow untrusted data to be inserted into HTML documents
Do not accept scripts or code from untrusted sources
